CVE-2004-2418 - Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long

CVE-2004-2418

Summary

Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0293.html
http://www.whitsoftdev.com/slimftpd/
http://www.securityfocus.com/bid/11645
http://www.osvdb.org/11604
http://securitytracker.com/id?1012167
http://secunia.com/advisories/13161
https://exchange.xforce.ibmcloud.com/vulnerabilities/18014

Vulnerable Configurations

cpe:2.3:a:whitsoft_development:slimftpd:3.15:*:*:*:*:*:*:*
cpe:2.3:a:whitsoft_development:slimftpd:3.15:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	11645
confirm	http://www.whitsoftdev.com/slimftpd/
fulldisc	20041110 [Advisory + Exploit] SlimFTPd <= 3.15
osvdb	11604
sectrack	1012167
secunia	13161
xf	slimftpd-multiple-command-bo(18014)

Last major update

14-02-2024 - 01:17

Published

31-12-2004 - 05:00

Last modified

14-02-2024 - 01:17